Offering a "full-stack" "full-lifeycle" experience to maximise the opportunity for our customers.
Designed to keep you at the cutting edge of AI, Cyber, and IT advancements, we are voicing the unsaid and shaping the future of business technology solutions.
Latest Insights
As a Business Technology Services Partner, we explore the art of the possible.
Our Microsoft Partnership
Thank you for your interest in Acora. We'd love to hear from you! Please feel free to drop us a message via our contact form.
Follow Us
Work with us
To view this video please enable JavaScript, and consider upgrading to a web browser that
Home News room Return to Work (Part 2)
My job is to keep our products and services relevant in the face of constant changes in technology, the market and our clients’ needs. I work closely with our Tier 1 vendors to understand their strategy and ensure ours is in alignment, then build services that bring their products to life for Acora’s clients. A big part of my role is making platforms, tools, integration and service maturity accessible to organisations of all types and sizes, so they can fully benefit from the added value offered by managed services.
In my previous post, I highlighted some of the considerations and challenges for IT teams as people return to the office. This time, I want to focus on the specific issues of security and compliance.
During the pandemic, you may have temporarily relaxed or suspended your normal security provisions to maintain productivity. Flexible working is often introduced at pace and maintained on a fluid and open-ended basis. Also, it has seen files being shared differently and BYOD increasing. This in turn has changed how many organisations think about and enforce data and device security. However, in many cases, the underlying policies themselves have not been adjusted accordingly.
That discrepancy needs addressing. This is because as people return to the office, you gain a clearer picture of what your ‘new normal’ is, or will look like. For example, will people now be formally permitted to access files and systems using their own, non-corporate devices? You may have been fine with BYOD in these exceptional circumstances; is it something you’re happy to see continue in future?
This policy gap is especially important if you’re subject to external audits. For example, if you are ISO-accredited, CE/CE+ certified or PCI compliant. Many audits were delayed or perhaps delivered differently due to the pandemic. However, when they restart, auditors will want to see that your policies have either been updated or reintroduced in full. If they observe practices that violate your own stated policies, the ‘temporary relaxation’ defence is likely to get short shrift at this stage.
To ensure your security, compliance processes and policies are ready to cope with your new normal (whatever that looks like) there are three main areas you need to review and examine:
The changing ways people are accessing and interacting with IT services. As I mentioned above, your policies and systems may need to be either:
Many assets that once were in the office every day and directly connected to the LAN are now remote for most of their time. This is likely to have increased the mean time between vulnerability scans and implementing configuration policies, leaving them potentially at risk.
As a result, you may need to improve your mechanisms. Both for deploying configuration policies for the OS and applications and for auditing compliance.
Users who were previously office-based are now working from home and may continue to do so more often. Make sure the appropriate licenses for features such as conditional access, risk-based logon analysis and MFA are assigned according to your security policy.
New ways of working may have led to the rapid implementation of new software, like Box.com or Teams. Authentication and governance of these new services should be inspected. This is to ensure they comply with security policies and are appropriately integrated – for example into your CASB solution.
Protecting data and systems is absolutely central to our role as CIOs, and in the return to the office. These issues may already have been discussed and decided at the senior level. If not, it’s up to us to ask the business what it wants. Because if we don’t pose these vital questions, others almost certainly will. If you’d like to find out more about what we’re doing and how it could help your organisation, please get in touch here.
2022 has been about growth, people and innovation. Company-wide, we have seen lots of staff members return back to the office which is essential for communication, personal development and collaboration. We are seeing the benefits of face-to-face internal team and…
Acora is pleased to announce it has secured a new minority investment with LDC, the private equity arm of Lloyds Banking Group. The new investment round, supported by debt funding from Ares and HSBC, will provide long-term financing for the…